From f15ce50d5e87ea43b1b940e2f2e0ed70fe3072fb Mon Sep 17 00:00:00 2001 From: Jamie Slome Date: Wed, 16 Feb 2022 04:58:02 +0000 Subject: [PATCH] Create SECURITY.md (#4538) * Create SECURITY.md * Complete initial version of SECURITY.md * Fix PR link * Narrate our supported versions for security * Update SECURITY.md * Update SECURITY.md Co-authored-by: Nicola Corti * Improve wording * Update SECURITY.md Co-authored-by: Nicola Corti Co-authored-by: Chao Zhang Co-authored-by: Chao Zhang Co-authored-by: Nicola Corti --- SECURITY.md | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 000000000..2a8ddcbcd --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,17 @@ +# Security Policy + +## Versions + +Generally updating to the latest stable version will have all security issues addressed. +- Security patches are applied up to the **current minor version**. +- Earlier versions are not supported by default, but we will examine them on a case-by-case basis. + +| Version | Addressed issues | Fix | +|---------|------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------| +| 1.20.0 | [CWE-611](https://cwe.mitre.org/data/definitions/611.html) Improper Restriction of XML External Entity Reference | [#4499](https://github.com/detekt/detekt/pull/4499) | + +## Reporting a Vulnerability + +Please report vulnerability to security@detekt.dev. +We commit to respond within 2 weeks. You may also find us in the [#detekt](https://kotlinlang.slack.com/archives/C88E12QH4) channel of [kotlinlang Slack](https://kotlinlang.slack.com/). +If you have already reported on vulnerability disclosure platform, please include its link in the report.
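Review bot: In the "Reporting a Vulnerability" section, the sentence pointing reporters to the #detekt Slack channel follows the security@detekt.dev address without saying what the channel is for, so a reader could take it as a second place to post vulnerability details. Suggest stating that details go only to the e-mail address and that the channel is for contact, for example "Please do not post vulnerability details in the channel." In the same section, "Please report vulnerability to" and "reported on vulnerability disclosure platform" are missing articles ("report vulnerabilities to", "on a vulnerability disclosure platform"). In "Versions", "applied up to the **current minor version**" does not say whether fixes land only in the newest release or also in earlier patch releases of that minor. One sentence spelling that out would help, since the table lists only the version in which an issue was addressed.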